What is PCI? Understanding the Importance of PCI Compliance
PCI DSS stands for the Payment Card Industry Data Security Standard. If your company processes, stores, or transmits credit card information, PCI DSS compliance is critical for you.
The PCI DSS sets requirements for how cardholder data may be used, stored, and transmitted. Meeting them is more than an industry best practice: the card brands make compliance a condition of accepting their cards, and it is how you show customers and partners that your company handles their data responsibly.
If you are not PCI compliant, you could also face steep fines that could cripple your business.
What is PCI compliance?
PCI compliance starts with the standard's requirements. You must know what is expected of your company and build your processes to meet it. Then comes documentation: you must be able to show, through a self-assessment or an independent assessment, that cardholder data is protected the way the standard requires.
PCI compliance begins with the PCI Security Standards Council (PCI SSC) itself. The Council was founded in 2006 by representatives from:
- American Express
- Discover
- JCB International
- MasterCard
- Visa
The five brands share Council responsibilities equally, and each requires PCI DSS compliance from the merchants and service providers that handle its cards, enforced through their contracts with acquiring banks.
The Council publishes and maintains the Data Security Standard (DSS), along with supporting materials such as:
- Self-Assessment Questionnaires (SAQs) for the different merchant and service-provider profiles
- Report on Compliance and Attestation of Compliance templates
- The Prioritized Approach tool for planning remediation
- Guidance documents on topics such as scoping, tokenization, and penetration testing
Any company that accepts, stores, or transmits cardholder data must be PCI DSS compliant. That includes very small companies and companies that outsource payment handling to a third-party processor: outsourcing can shrink the scope of your assessment (often down to one of the shorter Self-Assessment Questionnaires), but it does not remove the obligation, and you remain responsible for the parts of the payment flow you still control, such as the web page that redirects customers to the processor.
If you are not compliant and suffer a breach, the card brands can fine your acquiring bank, which passes the cost on to you; figures of up to $500,000 per breach incident are commonly cited, and the acquirer may also revoke your ability to accept cards. Separately, breach notification laws in most jurisdictions require you to notify every person whose data may have been exposed, and those notifications are costly.
Consumers may also sue you independently, and regulators can impose their own penalties.
Are you PCI compliant?
Don't assume the cardholder data you collect is safe. Learn what the requirements actually say, then walk through every process that touches card data and check it against them.
The PCI DSS is organized around six goals (control objectives), each backed by specific requirements. Every company in scope should:
- Build and maintain a secure network and systems.
- Protect cardholder data.
- Maintain a vulnerability management program.
- Implement strong access control measures.
- Regularly monitor and test networks.
- Maintain an information security policy.
How do you meet these goals? The twelve PCI DSS requirements lay out the steps:
- Start with firewalls. Install and maintain firewalls (or equivalent network security controls) between untrusted networks and any system that handles cardholder data, and configure them to deny all traffic except what the business explicitly needs.
- Remove vendor defaults. Change every default password and account that ships with your devices and software, disable unneeded services and accounts, and apply a hardening standard to each type of system.
- Protect in storage. Keep as little cardholder data as possible, and never store sensitive authentication data (full magnetic-stripe or chip data, card verification codes, PINs) after authorization. Where you must keep the primary account number (PAN), render it unreadable with truncation, tokenization, or strong encryption under properly managed keys, and mask it wherever it is displayed.
- Protect in transit. Encrypt cardholder data with strong cryptography (for example, a current version of TLS) whenever it crosses open or public networks, and never send PANs over unprotected channels such as e-mail or chat.
- Stop malware. Install anti-malware software on the systems commonly affected by it, keep it updated, and make sure users cannot disable it.
- Tighten. Develop and maintain secure systems and software: patch known vulnerabilities promptly and build security into the development lifecycle of your own applications.
- Restrict electronic access. Grant access to cardholder data only to people whose job requires it, and default to deny.
- Track. Give each person with a
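A practical check behind the "Protect in storage" step is finding PANs that have escaped into places they were never meant to be, most often application logs, and making sure whatever is displayed is masked. The following is an added example, not code from the original page or from the PCI Council: it scans constructed log lines for Luhn-valid card numbers and masks them to the first six and last four digits. The log lines and the function names are assumptions made for this example; the card numbers are the widely published test numbers, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run. The Luhn check below removes most
# false hits such as order numbers and timestamps.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: every real PAN passes it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, then sum the digits
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_pan(digits: str) -> bool:
    """A digit string is treated as a PAN if it has a PAN length and passes Luhn."""
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def mask_pan(pan: str) -> str:
    """Mask to first six and last four, the display form PCI DSS has traditionally allowed."""
    digits = re.sub(r"\D", "", pan)
    if not is_pan(digits):
        raise ValueError("not a Luhn-valid PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Replace every probable PAN in text with its masked form; leave other digit runs alone."""
    def _mask(m):
        digits = re.sub(r"\D", "", m.group(0))
        return mask_pan(digits) if is_pan(digits) else m.group(0)
    return PAN_RE.sub(_mask, text)


def scan_log(lines):
    """Return (line_number, masked_pan) for each probable PAN found in the lines."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if is_pan(digits):
                findings.append((n, mask_pan(digits)))
    return findings


# Constructed sample log lines for this example (assumed format). Line 1 carries a
# 16-digit order number that fails Luhn and must not be flagged; lines 2 to 4 leak
# test PANs in three different layouts.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z INFO checkout ok order=1234567890123456 amount=19.99",
    "2024-05-01T10:00:02Z DEBUG gateway request pan=4111111111111111 exp=12/26",
    '2024-05-01T10:00:03Z DEBUG retry pan="5555 5555 5555 4444"',
    "2024-05-01T10:00:04Z INFO refund ref=378282246310005",
]

if __name__ == "__main__":
    for n, masked in scan_log(SAMPLE_LOG):
        print(f"line {n}: PAN found, masked form {masked}")
    print(redact(SAMPLE_LOG[1]))
```

Run it against a copy of your real logs before an assessment: any hit means PANs are being written outside the cardholder data environment, which pulls the logging system into scope and, if the log also holds card verification codes, breaks the rule against storing sensitive authentication data. Treat a Luhn match as a lead rather than proof, since a small fraction of unrelated numbers also pass the check.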